BOS_SETRESTRICTED(8) AFS Command Reference BOS_SETRESTRICTED(8)NAME
bos_setrestricted - place a server in restricted mode
SYNOPSIS
bos setrestricted -server <machine name> -mode 1
[-cell <cell name>] [-noauth] [-localauth] [-help]
DESCRIPTION
The bos setrestricted command places the server in restricted mode.
This mode increases the security of the bos server by removing access
to a number of bos commands that are only used whilst configuring a
system.
When a server is in restricted mode, access to bos_exec, bos uninstall,
bos install, bos create, bos delete, bos prune is denied, and the use
of bos getlog is limited.
CAUTIONS
Once a server has been placed in restricted mode, it may not be opened
up again using a remote command. That is, bos setrestricted has no
method of setting an unrestricted mode. Once a server is restricted, it
can only be opened up again by sending it a SIGFPE, which must be done
as root on the local machine.
OPTIONS-server <machine name>
Indicates the server machine to restrict.
-cell <cell name>
Names the cell in which to run the command. Do not combine this
argument with the -localauth flag. For more details, see bos(8).
-noauth
Assigns the unprivileged identity "anonymous" to the issuer. Do not
combine this flag with the -localauth flag. For more details, see
bos(8).
-localauth
Constructs a server ticket using a key from the local
/usr/afs/etc/KeyFile file. The bos command interpreter presents the
ticket to the BOS Server during mutual authentication. Do not
combine this flag with the -cell or -noauth options. For more
details, see bos(8).
-help
Prints the online help for this command. All other valid options
are ignored.
PRIVILEGE REQUIRED
The issuer must be listed in the /usr/afs/etc/UserList file on the
machine named by the -server argument, or must be logged in as the
local superuser "root" if the -localauth flag is included.
As noted above, this command cannot be run against servers which are
already in restricted mode.
SEE ALSObos(8)COPYRIGHT
Copyright 2009 Simon Wilkinson <simon@sxw.org.uk>
This documentation is covered by the BSD License as written in the
doc/LICENSE file. This man page was written by Simon Wilkinson for
OpenAFS.
OpenAFS 2013-10-09 BOS_SETRESTRICTED(8)